Author: markt Date: Tue Aug 7 21:30:49 2012 New Revision: 1370540 URL: http://svn.apache.org/viewvc?rev=1370540&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53584 Ignore path parameters when comparing URIs for FORM authentication. This prevents users being prompted twice for passwords when logging in when session IDs are being encoded as path parameters.
Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc7.0.x/trunk/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1370537
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?rev=1370540&r1=1370539&r2=1370540&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java Tue Aug 7 21:30:49 2012
@@ -498,7 +498,7 @@ public class FormAuthenticator
 }
 // Does the request URI match?
- String requestURI = request.getRequestURI();
+ String requestURI = request.getDecodedRequestURI();
 if (requestURI == null) {
 return (false);
 }
@@ -658,7 +658,7 @@ public class FormAuthenticator
 saved.setMethod(request.getMethod());
 saved.setQueryString(request.getQueryString());
- saved.setRequestURI(request.getRequestURI());
+ saved.setRequestURI(request.getDecodedRequestURI());
 // Stash the SavedRequest in our session for later use
 session.setNote(Constants.FORM_REQUEST_NOTE, saved);
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1370540&r1=1370539&r2=1370540&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Tue Aug 7 21:30:49 2012
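Review bot: The second hunk changes what is stored, not only what is compared: `saved.setRequestURI(request.getDecodedRequestURI())` replaces the raw URI in the `SavedRequest`, and the other readers of `saved.getRequestURI()` lie outside this diff. If that value is also used to build the post-login redirect or to restore the original request (not visible here), a decoded path would need re-encoding before reuse, and a URI containing encoded reserved characters such as `%2F`, `%3B` or `%3F` may no longer round-trip to the resource the user asked for. A narrower change keeps `saved.setRequestURI(request.getRequestURI());` for replay and stores the decoded form in a separate new field on `SavedRequest` that only the comparison in the first hunk reads. It would also help to extend the `// Does the request URI match?` comment to say that both sides are compared in decoded form with path parameters removed. Both enclosing methods start and end outside the hunks.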
@@ -89,6 +89,12 @@
 <bug>53535</bug>: Reduce memory footprint when performing class scanning on Context start. Patch provided by Cedomir Igaly. (markt)
 </fix>
+ <fix>
+ <bug>53584</bug>: Ignore path parameters when comparing URIs for FORM
+ authentication. This prevents users being prompted twice for passwords
+ when logging in when session IDs are being encoded as path parameters.
+ (markt)
+ </fix>
 </changelog>
 </subsection>
 <subsection name="Coyote">
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org